Page 1 of 1
autostart OpenVPN server?
Posted: Sun May 15, 2016 8:28 pm
by icefire
So I know this is a stupid question and believe me, I tried fixing this on my own.
I have a working OpenVPN server on a Raspberry Pi (running jessie). In order to start the server so that clients can connect, I have to do the following:
Code: Select all
sudo openvpn /etc/openvpn/server.conf
I wanted that the VPN Server starts automatically, so I edited /etc/default/openvpn like this:
However, nothing happens upon restart. Clients cannot connect. The OpenVPN service seems to be running though:
Code: Select all
pi@raspberrypi:~ $ service openvpn status
в—Џ openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
Active: active (exited) since Sun 2016-05-15 20:15:44 UTC; 8min ago
Process: 1148 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 1148 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvpn.service
In order to get it working, I need to restart the vpn service:
Once I do this, all clients can connect.
What am I missing? Why should I restart the openvpn service seconds after starting the Pi? How can I make server.conf fire up automatically on startup?
Re: autostart OpenVPN server?
Posted: Sun May 15, 2016 9:17 pm
by Traffic
OpenVPN Server Log file ..
Re: autostart OpenVPN server?
Posted: Mon May 16, 2016 7:39 am
by icefire
Log file after fresh restart:
Code: Select all
Mon May 16 07:18:23 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Mon May 16 07:18:23 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Mon May 16 07:18:23 2016 Diffie-Hellman initialized with 2048 bit key
Mon May 16 07:18:23 2016 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Mon May 16 07:18:23 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 16 07:18:23 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 16 07:18:23 2016 Socket Buffers: R=[163840->131072] S=[163840->131072]
Mon May 16 07:18:23 2016 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.2.35:1593: Cannot assign requested address
Mon May 16 07:18:23 2016 Exiting due to fatal error
I checked if anything is using my port but this didn't seem to be the case:
Code: Select all
pi@raspberrypi:~ $ sudo netstat -pntua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 588/Xtightvnc
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 588/Xtightvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 486/sshd
tcp 0 0 192.168.2.35:5901 192.168.2.33:56021 ESTABLISHED 588/Xtightvnc
tcp6 0 0 :::22 :::* LISTEN 486/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 383/dhcpcd
udp 0 0 0.0.0.0:37979 0.0.0.0:* 518/weavedconnectd.
udp 0 0 192.168.2.35:123 0.0.0.0:* 505/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 505/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 505/ntpd
udp 0 0 0.0.0.0:57997 0.0.0.0:* 361/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:* 361/avahi-daemon: r
udp 0 0 192.168.2.35:56300 192.168.2.1:5351 ESTABLISHED 518/weavedconnectd.
udp6 0 0 fe80::8701:d877:a52:123 :::* 505/ntpd
udp6 0 0 ::1:123 :::* 505/ntpd
udp6 0 0 :::123 :::* 505/ntpd
udp6 0 0 :::5353 :::* 361/avahi-daemon: r
udp6 0 0 :::48111 :::* 361/avahi-daemon: r
Once again, here is the service status after a fresh restart:
Code: Select all
pi@raspberrypi:~ $ service openvpn status
openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
Active: active (exited) since Mon 2016-05-16 07:18:23 UTC; 10min ago
Process: 484 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 484 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvpn.service
In order to get it working, I should either restart the service or (as I just found out) start it, as if it weren't already running.
Code: Select all
pi@raspberrypi:~ $ service openvpn start
Re: autostart OpenVPN server?
Posted: Mon May 16, 2016 1:01 pm
by icefire
Ok, I managed to solve it. The solution is quite simple actually - I just removed the line
from server.conf
What is actually the point of having such a line at all? The Pi has only one local static IP address, in this case 192.168.2.33 so the openvpn service cannot listen on any other IP address.
Re: autostart OpenVPN server?
Posted: Mon May 16, 2016 4:46 pm
by Traffic
--
local specifies the address for openvpn to bind to and listen on ..
See
--local in
The Manual v23x
The
real problem you have is that your network is not available when openvpn starts.
You need to change your startup procedure ..
Re: autostart OpenVPN server?
Posted: Thu Mar 23, 2017 8:08 pm
by bick
I came to the forums due to this same problem. I even created a script to restart openvpn w/ a cron job set to run at boot. This still did not work. I had to log in to the Pi and run the restart command myself.
Commenting out the local x.x.x.x line in server.conf did the trick for me as well. However, I would rather not have to comment out that line. Any tips though on how to change the startup procedure so that openvpn is not started until after networking? I am unsure how to go about figuring that out. If you could point me in the right direction, I would be happy to rtfm.
Re: autostart OpenVPN server?
Posted: Thu Mar 23, 2017 8:34 pm
by TinCanTech
bick wrote:Any tips though on how to change the startup procedure
See the documentation for your operating system (which you also fail to mention) ..
HOWTO:
https://openvpn.net/index.php/open-sour ... html#start
Wiki:
https://community.openvpn.net/openvpn/wiki/HOWTO
Please see:
HOWTO: Request Help !